To prevent call originations by fraudulent mobile stations (MSs), wireless system operators may choose to authenticate a MS using a procedure generally known as Global Challenge Authentication (GCA). During this procedure, the MS uses a random number (RAND) that is broadcast on the control channel to generate an authentication result (AUTHR) that uniquely identifies the MS based on shared secret data (SSD) stored in the MS. The MS uses the AUTHR and a portion of the random number (RANDC) in the call origination attempt and a comparison is made between the received AUTHR and the AUTHR generated by the Authentication Center (AC) using the same input parameters used to determine the authenticity of the MS.
GCA has some potential drawbacks including the potential inability of the serving system to determine the random number from the RANDC received from the mobile; the possibility that the mobile may not include the appropriate authentication parameters in the origination; the possibility that the authentication results may not match for a valid MS due to the SSD in the MS and the AC becoming out of synchronization; and attempts to gain fraudulent system access using a replay scenario can go undetected. As a result of these drawbacks, the wireless system operator may choose to authenticate the origination by performing a unique challenge or SSD update following a global challenge failure or as a follow up to global challenge authentication.
For a mobile origination, the unique challenge and/or SSD update operations are performed on the traffic channel assigned to the MS and may be performed prior to, or in parallel with call setup. If the operation is performed prior to call setup, the authenticity of the MS can be determined before the call is routed at a cost of delaying call setup. If however, the operation is performed in parallel with call setup, no delay is encountered. However, there is a risk that the call may be answered before the operation is complete which could result in fraudulent usage of system resources if the MS fails the authentication. Further, if the origination was performed to update the subscriber profile via a feature code, a fraudulent MS could update the valid subscriber profile. This could result in a loss of revenue for the wireless system operator if, for example, a fraudulent MS activated call forwarding and registered a long distance number as the forwarding number with the intention of obtaining free long distance service.
It has been found that in order to minimize call setup delay while preventing fraudulent system access, a good approach is to utilize GCA and perform subsequent traffic channel authentication operations based on the outcome of the global challenge. If the GCA is successful, any subsequent authentication operation (e.g. SSD update) should be performed in parallel with call setup because the authenticity of the MS has been verified and there is no reason to delay call setup. However, if GCA is not successful, a subsequent authentication operation, if any, should be performed prior to call setup because the authenticity of the MS has not been verified.
Chapter 6, sections 4.4.3 and 4.4.4 of Cellular Radiotelecommunications Intersystem Operations (ANSI/TIA/EIA-41-D), which is herein referred to as ANSI-41, defines the messages and parameters that are used by a serving mobile switching center (MSC) to request authentication of a mobile system access from the MS's AC. The response to the authentication request may contain a parameter (Deny Access) indicating that the authentication failed and that access should be denied. Alternatively, the response may contain parameters requesting the additional authentication operations (e.g.,unique challenge or SSD update) be performed. Currently, ANSI-41 does not allow the response to include both the Deny Access parameter and parameters requesting an authentication operation. Thus, if the AC requests that a subsequent authentication operation be performed following a GCA failure, the serving MSC will have no knowledge of the authentication failure. As a result, the serving MSC will be unable to decide based on the result of the GCA whether to perform the requested operation prior to or in parallel with call setup. This could lead to fraudulent system access or fraudulent subscriber feature profile updates.
Thus there is a need for a method by which the MSC can decide when to initiate call setup based on knowledge of the GCA procedure results.